chore(java-on-aws): rename immersion day references to generic workshop naming

Author: Yuriy

.github/workflows/ci.yml

@@ -38,10 +38,10 @@ jobs:
       run: npm install -g aws-cdk
     - name: AWS CDK version
       run: cdk version
-    - name: Build CDK Immersion Day infrastructure
+    - name: Build CDK infrastructure
       run: mvn clean package --no-transfer-progress
       working-directory: ./infrastructure/cdk/
-    - name: CDK Synth Immersion Day infrastructure
+    - name: CDK Synth infrastructure
       run: cdk synth
       working-directory: ./infrastructure/cdk/
     - name: Build unicorn-store-wildfly with Docker

README.md

@@ -1,8 +1,8 @@
-# Java on AWS Immersion Day
+# Java on AWS
 
 ![Java on AWS](resources/welcome.png)
 
-This project contains the supporting code for the Java on AWS Immersion Day. You can find the instructions for the hands-on lab [here](https://catalog.workshops.aws/java-on-aws).
+This project contains the supporting code for the Java on AWS. You can find the instructions for the hands-on lab [here](https://catalog.workshops.aws/java-on-aws).
 
 # Overview
 In this workshop you will learn how to build cloud-native Java applications, best practices and performance optimizations techniques. You will also learn how to migrate your existing Java application to container services such as AWS AppRunner, Amazon ECS and Amazon EKS or how to to run them as Serverless AWS Lambda functions.

infra/README.md

@@ -53,7 +53,7 @@ infra/
 │   └── cdk.json                      # CDK configuration
 ├── cfn/                              # Generated CloudFormation templates
 │   ├── base-stack.yaml
-│   ├── java-on-aws-immersion-day-stack.yaml
+│   ├── java-on-aws-stack.yaml
 │   ├── java-on-amazon-eks-stack.yaml
 │   └── java-spring-ai-agents-stack.yaml
 ├── scripts/
@@ -68,7 +68,7 @@ infra/
 │   │   └── shell-p10k.zsh            # Powerlevel10k config
 │   ├── templates/                    # Workshop-specific post-deploy scripts
 │   │   ├── base.sh
-│   │   ├── java-on-aws-immersion-day.sh
+│   │   ├── java-on-aws.sh
 │   │   ├── java-on-amazon-eks.sh
 │   │   └── java-spring-ai-agents.sh
 │   ├── setup/                        # Infrastructure setup scripts
@@ -96,8 +96,8 @@ infra/
 | Template Type | Resources Created |
 |---------------|-------------------|
 | `base` | VPC, IDE |
-| `java-on-aws-immersion-day` | VPC, IDE, CodeBuild, Database, EKS, WorkshopBucket, EcrRegistry, Unicorn, ECR (unicorn-store-spring), ThreadAnalysis, AiJvmAnalyzer |
-| `java-on-amazon-eks` | Same as java-on-aws-immersion-day |
+| `java-on-aws` | VPC, IDE, CodeBuild, Database, EKS, WorkshopBucket, EcrRegistry, Unicorn, ECR (unicorn-store-spring), ThreadAnalysis, AiJvmAnalyzer |
+| `java-on-amazon-eks` | Same as java-on-aws |
 | `java-spring-ai-agents` | VPC, IDE, CodeBuild, Database, EKS, WorkshopBucket, EcrRegistry, Unicorn, 2x EcsExpressService (unicorn-spring-ai-agent, unicorn-store-spring) |
 
 ---
@@ -215,10 +215,10 @@ public WorkshopStack(...) {
     String prefix = "workshop";
     String templateType = getContext("template.type"); // defaults to "base"
 
-    boolean isImmersionDay = "java-on-aws-immersion-day".equals(templateType);
+    boolean isJavaOnAws = "java-on-aws".equals(templateType);
     boolean isEks = "java-on-amazon-eks".equals(templateType);
     boolean isSpringAi = "java-spring-ai-agents".equals(templateType);
-    boolean isFullTemplate = isImmersionDay || isEks || isSpringAi;
+    boolean isFullTemplate = isJavaOnAws || isEks || isSpringAi;
 
     // Always created
     Vpc vpc = new Vpc(this, "Vpc", ...);
@@ -231,8 +231,8 @@ public WorkshopStack(...) {
         Eks eks = new Eks(...);
         Unicorn unicorn = new Unicorn(...);  // EventBus, EKS/ECS roles, DB setup
 
-        // java-on-aws-immersion-day & java-on-amazon-eks only
-        if (isImmersionDay || isEks) {
+        // java-on-aws & java-on-amazon-eks only
+        if (isJavaOnAws || isEks) {
             new Repository("unicorn-store-spring");  // ECR for manual deployment
             new ThreadAnalysis(...);
             new AiJvmAnalyzer(...);

infra/cdk/src/main/java/sample/com/WorkshopStack.java

@@ -53,12 +53,12 @@ public WorkshopStack(final Construct scope, final String id, final StackProps pr
         }
 
         // Template type flags
-        boolean isImmersionDay = "java-on-aws-immersion-day".equals(templateType);
+        boolean isJavaOnAws = "java-on-aws".equals(templateType);
         boolean isEks = "java-on-amazon-eks".equals(templateType);
         boolean isSpringAi = "java-spring-ai-agents".equals(templateType);
         boolean isAiAgents = "java-ai-agents".equals(templateType);
         boolean isAiAgentsAdvanced = "java-ai-agents-advanced".equals(templateType);
-        boolean isFullTemplate = isImmersionDay || isEks || isSpringAi;
+        boolean isFullTemplate = isJavaOnAws || isEks || isSpringAi;
         boolean needsDatabase = isFullTemplate;
 
         // Core infrastructure (always created)
@@ -122,7 +122,7 @@ public WorkshopStack(final Construct scope, final String id, final StackProps pr
             ))
             .build();
 
-        // Full template resources (java-on-aws-immersion-day, java-on-amazon-eks, java-spring-ai-agents)
+        // Full template resources (java-on-aws, java-on-amazon-eks, java-spring-ai-agents)
         // or java-ai-agents (database only)
         Database database = null;
         if (needsDatabase) {
@@ -149,8 +149,8 @@ public WorkshopStack(final Construct scope, final String id, final StackProps pr
                 .workshopBucket(workshopBucket.getBucket())
                 .build());
 
-            // java-on-aws-immersion-day & java-on-amazon-eks specific resources
-            if (isImmersionDay || isEks) {
+            // java-on-aws & java-on-amazon-eks specific resources
+            if (isJavaOnAws || isEks) {
                 // ECR repository for unicorn-store-spring (manual ECS Express deployment)
                 Repository.Builder.create(this, "UnicornStoreSpringEcr")
                     .repositoryName("unicorn-store-spring")

…cfn/java-on-aws-immersion-day-stack.yaml infra/cfn/java-on-aws-stack.yamlinfra/cfn/java-on-aws-immersion-day-stack.yaml renamed to infra/cfn/java-on-aws-stack.yaml infra/cfn/java-on-aws-immersion-day-stack.yaml renamed to infra/cfn/java-on-aws-stack.yaml

@@ -422,7 +422,7 @@ Resources:
         Fn::GetAtt:
           - CodeBuildRoleE9A44575
           - Arn
-      ContentHash: "1768809143448"
+      ContentHash: "1774370017491"
       ProjectName:
         Ref: CodeBuildProjectA0FF5539
       ServiceToken:
@@ -511,7 +511,7 @@ Resources:
         EnvironmentVariables:
           - Name: TEMPLATE_TYPE
             Type: PLAINTEXT
-            Value: java-on-aws-immersion-day
+            Value: java-on-aws
           - Name: GIT_BRANCH
             Type: PLAINTEXT
             Value: main
@@ -543,6 +543,8 @@ Resources:
                   # Resolution for when creating the first service in the account
                   aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com 2>/dev/null || true
                   aws iam create-service-linked-role --aws-service-name elasticloadbalancing.amazonaws.com 2>/dev/null || true
+                  aws iam create-service-linked-role --aws-service-name network.bedrock-agentcore.amazonaws.com 2>/dev/null || true
+                  aws iam create-service-linked-role --aws-service-name runtime-identity.bedrock-agentcore.amazonaws.com 2>/dev/null || true
         Type: NO_SOURCE
       TimeoutInMinutes: 30
       VpcConfig:
@@ -1362,7 +1364,7 @@ Resources:
               - Ref: AWS::Region
               - |-
                 "
-                export TEMPLATE_TYPE="java-on-aws-immersion-day"
+                export TEMPLATE_TYPE="java-on-aws"
                 export ARCH="x86_64"
                 export IDE_TYPE="code-editor"
                 export WAIT_CONDITION_HANDLE_URL="
@@ -2008,14 +2010,15 @@ Resources:
             Condition:
               ForAllValues:StringEquals:
                 aws-marketplace:ProductId:
-                  - prod-jhuafngbly644
+                  - prod-xdkflymybwmvi
                   - prod-mxcfnwvpd6kb4
+                  - prod-jhuafngbly644
                   - prod-4pmewlybdftbs
               "Null":
                 aws-marketplace:ProductId: "false"
             Effect: Allow
             Resource: "*"
-            Sid: MarketplaceSubscribeClaude45Opus45Sonnet4Sonnet
+            Sid: MarketplaceSubscribeClaude
           - Action:
               - acm:*
               - apigateway:*
@@ -2031,6 +2034,8 @@ Resources:
               - cloudwatch:*
               - codewhisperer:*
               - cognito-idp:*
+              - dbqms:*
+              - dynamodb:*
               - ec2:*
               - ecr:*
               - ecs:*
@@ -2040,6 +2045,7 @@ Resources:
               - lambda:*
               - logs:*
               - q:*
+              - rds-data:*
               - rds:*
               - s3:*
               - s3vectors:*
@@ -2069,10 +2075,42 @@ Resources:
             Sid: CreateServiceLinkedRole
           - Action:
               - iam:GetRole
+              - iam:ListAttachedRolePolicies
+              - iam:ListRolePolicies
               - iam:ListRoles
             Effect: Allow
             Resource: "*"
             Sid: GetRole
+          - Action:
+              - iam:AttachRolePolicy
+              - iam:CreateRole
+              - iam:DeleteRole
+              - iam:DeleteRolePolicy
+              - iam:DetachRolePolicy
+              - iam:PutRolePolicy
+              - iam:UpdateAssumeRolePolicy
+            Condition:
+              StringEquals:
+                iam:PermissionsBoundary: !Sub arn:aws:iam::${AWS::AccountId}:policy/workshop-boundary
+            Effect: Allow
+            Resource:
+              - !Sub arn:aws:iam::${AWS::AccountId}:role/aiagent*
+              - !Sub arn:aws:iam::${AWS::AccountId}:role/backoffice*
+              - !Sub arn:aws:iam::${AWS::AccountId}:role/mcp*
+            Sid: AiAgentCreateRoles
+          - Action: iam:PassRole
+            Condition:
+              StringEquals:
+                iam:PassedToService:
+                  - bedrock.amazonaws.com
+                  - bedrock-agentcore.amazonaws.com
+                  - lambda.amazonaws.com
+            Effect: Allow
+            Resource:
+              - !Sub arn:aws:iam::${AWS::AccountId}:role/aiagent*
+              - !Sub arn:aws:iam::${AWS::AccountId}:role/backoffice*
+              - !Sub arn:aws:iam::${AWS::AccountId}:role/mcp*
+            Sid: AiAgentPassRole
           - Action: ec2:RunInstances
             Condition:
               StringLike:
@@ -2116,6 +2154,48 @@ Resources:
     Type: AWS::CloudFormation::WaitCondition
   IdeWaitConditionHandleE8345861:
     Type: AWS::CloudFormation::WaitConditionHandle
+  IdeWorkshopBoundaryDEE72AD4:
+    Properties:
+      Description: ""
+      ManagedPolicyName: workshop-boundary
+      Path: /
+      PolicyDocument:
+        Statement:
+          - Action:
+              - aws-marketplace:Subscribe
+              - aws-marketplace:Unsubscribe
+              - aws-marketplace:ViewSubscriptions
+              - bedrock-agentcore:*
+              - bedrock:*
+              - cloudfront:*
+              - cloudwatch:*
+              - cognito-idp:*
+              - dynamodb:*
+              - ec2:CreateNetworkInterface
+              - ec2:DeleteNetworkInterface
+              - ec2:DescribeNetworkInterfaces
+              - ec2:DescribeSecurityGroups
+              - ec2:DescribeSubnets
+              - ec2:DescribeVpcs
+              - ecr:*
+              - lambda:InvokeFunction
+              - logs:*
+              - s3:*
+              - s3vectors:*
+              - secretsmanager:GetSecretValue
+              - xray:*
+            Effect: Allow
+            Resource: "*"
+            Sid: AllowedServicesForRoles
+          - Action:
+              - account:*
+              - iam:*
+              - organizations:*
+            Effect: Deny
+            Resource: "*"
+            Sid: DenyIAM
+        Version: "2012-10-17"
+    Type: AWS::IAM::ManagedPolicy
   ThreadAnalysisLambda3EE9B29D:
     DependsOn:
       - ThreadAnalysisLambdaRoleDefaultPolicyC7AD40BA
@@ -3110,7 +3190,7 @@ Resources:
             - Ref: AWS::AccountId
             - "-"
             - Ref: AWS::Region
-            - "-20260119085223"
+            - "-20260324173337"
       PublicAccessBlockConfiguration:
         BlockPublicAcls: true
         BlockPublicPolicy: true

infra/scripts/cfn/generate.sh

@@ -13,7 +13,7 @@ cd "$(dirname "$0")/../../cdk" || {
 echo ""
 echo "Select template to generate:"
 echo "  0) All templates"
-echo "  1) java-on-aws-immersion-day"
+echo "  1) java-on-aws"
 echo "  2) java-on-amazon-eks"
 echo "  3) java-spring-ai-agents"
 echo "  4) java-ai-agents"
@@ -23,8 +23,8 @@ read -p "Enter choice [0-5]: " choice
 
 # Determine which templates to generate
 case $choice in
-    0) templates=("java-on-aws-immersion-day" "java-on-amazon-eks" "java-spring-ai-agents" "java-ai-agents" "java-ai-agents-advanced") ;;
-    1) templates=("java-on-aws-immersion-day") ;;
+    0) templates=("java-on-aws" "java-on-amazon-eks" "java-spring-ai-agents" "java-ai-agents" "java-ai-agents-advanced") ;;
+    1) templates=("java-on-aws") ;;
     2) templates=("java-on-amazon-eks") ;;
     3) templates=("java-spring-ai-agents") ;;
     4) templates=("java-ai-agents") ;;

infra/scripts/cfn/sync.sh

@@ -14,7 +14,7 @@ cd "$SCRIPT_DIR/../.." || {
     exit 1
 }
 
-WORKSHOPS=("java-on-aws-immersion-day" "java-on-amazon-eks" "java-spring-ai-agents" "java-ai-agents" "java-ai-agents-advanced")
+WORKSHOPS=("java-on-aws" "java-on-amazon-eks" "java-spring-ai-agents" "java-ai-agents" "java-ai-agents-advanced")
 
 # Shared IAM policy file used by all workshops
 SHARED_POLICY_FILE="cdk/src/main/resources/iam-policy.json"
@@ -28,7 +28,7 @@ fi
 echo ""
 echo "Select template to sync:"
 echo "  0) All templates"
-echo "  1) java-on-aws-immersion-day"
+echo "  1) java-on-aws"
 echo "  2) java-on-amazon-eks"
 echo "  3) java-spring-ai-agents"
 echo "  4) java-ai-agents"
@@ -39,7 +39,7 @@ read -p "Enter choice [0-5]: " choice
 # Determine which workshops to sync
 case $choice in
     0) selected_workshops=("${WORKSHOPS[@]}") ;;
-    1) selected_workshops=("java-on-aws-immersion-day") ;;
+    1) selected_workshops=("java-on-aws") ;;
     2) selected_workshops=("java-on-amazon-eks") ;;
     3) selected_workshops=("java-spring-ai-agents") ;;
     4) selected_workshops=("java-ai-agents") ;;
@@ -54,9 +54,18 @@ log_info "Syncing CloudFormation templates and policies to workshop directories.
 
 synced_count=0
 
+# Map template name to actual folder name (when they differ)
+get_folder_name() {
+    case "$1" in
+        "java-on-aws") echo "java-on-aws-immersion-day" ;;
+        *) echo "$1" ;;
+    esac
+}
+
 for workshop in "${selected_workshops[@]}"; do
-    # Target is sibling to repo root: ../../{workshop}/static
-    target_dir="../../$workshop/static"
+    # Target is sibling to repo root: ../../{folder}/static
+    folder_name=$(get_folder_name "$workshop")
+    target_dir="../../$folder_name/static"
 
     if [[ -d "$target_dir" ]]; then
         # Copy workshop-specific CloudFormation template -> workshop-stack.yaml
@@ -66,7 +75,7 @@ for workshop in "${selected_workshops[@]}"; do
                 log_error "Failed to copy template for $workshop"
                 exit 1
             }
-            log_success "Synced $template_file to $workshop/static/workshop-stack.yaml"
+            log_success "Synced $template_file to $folder_name/static/workshop-stack.yaml"
         else
             log_error "Template file $template_file not found"
             exit 1
@@ -77,11 +86,11 @@ for workshop in "${selected_workshops[@]}"; do
             log_error "Failed to copy policy for $workshop"
             exit 1
         }
-        log_success "Synced $SHARED_POLICY_FILE to $workshop/static/iam-policy.json"
+        log_success "Synced $SHARED_POLICY_FILE to $folder_name/static/iam-policy.json"
 
         ((synced_count++))
     else
-        log_info "Directory $target_dir not found, skipping $workshop"
+        log_info "Directory $target_dir not found, skipping $workshop ($folder_name)"
     fi
 done